modules: massive code cleanup and style improvements

modules/desktop.nix

@@ -2,15 +2,13 @@
 
 {
   ## Enable the X11 windowing system.
-  services.xserver.enable = true;
-  services.xserver.excludePackages = with pkgs; [
-    xterm
-  ];
-
-  # Configure keymap in X11
   services.xserver = {
+    enable = true;
     xkb.layout = "us";
     xkb.variant = "";
+    desktopManager = {
+      xterm.enable = false;
+    };
   };
 
   ## Needed for Flatpaks

modules/gnome/default.nix

@@ -6,16 +6,6 @@
       ../desktop.nix
     ];
 
-  # Enable Gnome and GDM.
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-
-  security.pam.services.gdm.enableKwallet = true;
-
-  services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
-
-  services.gnome.tracker-miners.enable = true;
-
   environment.systemPackages = with pkgs; [
     fractal
     gnome.gnome-software
@@ -28,4 +18,17 @@
     gnomeExtensions.tailscale-status
     gnomeExtensions.tiling-assistant
   ];
+
+  # Enable keyring support for KDE apps in GNOME.
+  security.pam.services.gdm.enableKwallet = true;
+
+  # Enable GNOME and GDM.
+  services = {
+    gnome.tracker-miners.enable = true;
+    udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
+    xserver = {
+      desktopManager.gnome.enable = true;
+      displayManager.gdm.enable = true;
+    };
+  };
 }

modules/homelab/default.nix

@@ -10,10 +10,6 @@
     # services.ddclient.enable = true;
     # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
 
-    # Open TCP ports for transmission-server.
-    networking.firewall.allowedTCPPorts = [ 51413 9091 ];
-    networking.firewall.allowedUDPPorts = [ 51413 ];
-
     virtualisation.oci-containers.containers = {
         audiobookshelf = {
             ports = ["0.0.0.0:13378:80"];
@@ -73,7 +69,7 @@
                     MusicFolder = "/Music";
                     DefaultTheme = "Auto";
                     SubsonicArtistParticipations = true;
-                    UIWelcomeMessage = "Welcome to Navidrome on Raffauf Labs.";
+                    UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
                 };
             };
         };

modules/homelab/nginx_proxy.nix

@@ -5,14 +5,19 @@
     # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
 
     # Open TCP ports for audiobookshelf, plex-server, and transmission-server.
-    networking.firewall.allowedTCPPorts = [ 80 443 51413 9091 ];
+    networking = {
-    networking.firewall.allowedUDPPorts = [ 51413 ];
+        firewall = {
-
+            allowedTCPPorts = [ 80 443 51413 9091 ];
-    networking.extraHosts = ''
+            allowedUDPPorts = [ 51413 ];
-        127.0.0.1 music.raffauflabs.com
+        };
-        127.0.0.1 podcasts.raffauflabs.com
+        # My router doesn't expose settings for NAT loopback
-        127.0.0.1 plex.raffauflabs.com
+        # So we have to use this workaround.
-    '';
+        extraHosts = ''
+            127.0.0.1 music.raffauflabs.com
+            127.0.0.1 podcasts.raffauflabs.com
+            127.0.0.1 plex.raffauflabs.com
+        '';
+    };
 
     security.acme = {
         acceptTerms = true;

modules/homelab/samba.nix

@@ -1,36 +1,36 @@
 { config, pkgs, ... }:
 
 {
-    services.avahi.nssmdns = true;
+    services = {
-    services.samba = {
+        samba = {
-      enable = true;
+            enable = true;
-      securityType = "user";
+            securityType = "user";
-      openFirewall = true;
+            openFirewall = true;
-      shares = {
+            shares = {
-        Media = {
+                Media = {
-          comment = "Media @Mauville";
+                    comment = "Media @Mauville";
-          path = "/mnt/Media";
+                    path = "/mnt/Media";
-          browseable = "yes";
+                    browseable = "yes";
-          "read only" = "no";
+                    "read only" = "no";
-          "guest ok" = "yes";
+                    "guest ok" = "yes";
-          "create mask" = "0755";
+                    "create mask" = "0755";
-          "directory mask" = "0755";
+                    "directory mask" = "0755";
+                };
+                Archive = {
+                    comment = "Archive @Mauville";
+                    path = "/mnt/Archive";
+                    browseable = "yes";
+                    "read only" = "no";
+                    "guest ok" = "yes";
+                    "create mask" = "0755";
+                    "directory mask" = "0755";
+                };
+            };
         };
-        Archive = {
+        samba-wsdd = {
-          comment = "Archive @Mauville";
+            enable = true;
-          path = "/mnt/Archive";
+            openFirewall = true;
-          browseable = "yes";
-          "read only" = "no";
-          "guest ok" = "yes";
-          "create mask" = "0755";
-          "directory mask" = "0755";
         };
-      };
-    };
-    
-    services.samba-wsdd = {
-      enable = true;
-      openFirewall = true;
     };
 }
 

modules/homelab/virtualization.nix

@@ -5,17 +5,13 @@
 
   virtualisation = {
     libvirtd.enable = true;
-    podman = {
-      enable = true;
-
-      # Create a `docker` alias for podman, to use it as a drop-in replacement
-      dockerCompat = true;
-
-      # Required for containers under podman-compose to be able to talk to each other.
-      defaultNetwork.settings.dns_enabled = true;
-    };
     oci-containers = {
       backend = "podman";
     };
+    podman = {
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+      enable = true;
+    };
   };
 }

modules/kde.nix

@@ -6,9 +6,13 @@
       ./desktop.nix
     ];
 
-  # Enable the KDE Plasma Desktop Environment.
+  # Enable SDDM + Plasma Desktop.
-  services.xserver.displayManager.sddm.wayland.enable = true;
+  services = {
-  services.xserver.desktopManager.plasma6.enable = true;
+    desktopManager.plasma6.enable = true;
+    xserver = {
+      displayManager.sddm.wayland.enable = true;
+    };
+  };
 
   environment.systemPackages = with pkgs; [
     kdePackages.kate

modules/plymouth.nix

@@ -1,8 +1,9 @@
 { config, pkgs, ... }:
 
 {
-    boot.initrd.verbose = false;
+    boot = {
-    boot.consoleLogLevel = 0;
+        consoleLogLevel = 0;
-
+        initrd.verbose = false;
-    boot.plymouth.enable = true;
+        plymouth.enable = true;
+    };
 }

modules/steam.nix

@@ -3,8 +3,8 @@
 {
     hardware.steam-hardware.enable = true;
     programs.steam = {
-      enable = true;
+        enable = true;
-      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+        remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+        dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
     };
 }

system/default.nix

@@ -6,64 +6,77 @@
       ./network.nix
       ./sound.nix
     ];
+
   # Set your time zone.
   time.timeZone = "America/New_York";
 
   # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
+  i18n = {
-
+    defaultLocale = "en_US.UTF-8";
-  i18n.extraLocaleSettings = {
+    extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
+      LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
+      LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
+      LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
+      LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
+      LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
+      LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
+      LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
+      LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
+      LC_TIME = "en_US.UTF-8";
+    };
   };
 
-  # Add support for logitech unifying receivers.
+  hardware = {
-  hardware.logitech.wireless.enable = true;
+    # Enable Bluetooth connections.
-  hardware.logitech.wireless.enableGraphical = true;
+    bluetooth.enable = true;
-
+    # Add support for logitech unifying receivers.
-  # Add support for configuring QMK keyboards with Via.
+    logitech.wireless = {
-  hardware.keyboard.qmk.enable = true;
+      enable = true;
+      enableGraphical = true;
+    };
+    # Add support for configuring QMK keyboards with Via.
+    keyboard.qmk.enable = true;
+  };
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
   system.autoUpgrade = {
-    enable = true;
     allowReboot = true;
-    flake = "github:alyraffauf/nixcfg";
     dates = "daily";
+    enable = true;
+    flake = "github:alyraffauf/nixcfg";
     operation = "boot";
     rebootWindow = {
-      lower = "01:00";
+      lower = "02:00";
       upper = "05:00";
     };
   };
 
-  # Delete generations older than 7 days.
+
-  nix.gc = {
+  nix = {
-    automatic = true;
+    gc = {
-    dates = "weekly";
+      # Delete generations older than 7 days.
-    options = "--delete-older-than 7d";
+      automatic = true;
+      dates = "daily";
+      options = "--delete-older-than 7d";
+      randomizedDelaySec = "60min";
+    };
+    # Run GC when there is less than 100MiB left.
+    extraOptions = ''
+      min-free = ${toString (100 * 1024 * 1024)}
+      max-free = ${toString (1024 * 1024 * 1024)}
+    '';
+    settings = {
+      # Automatically optimize the Nix store in the background.
+      auto-optimise-store = true;
+      # Enable experimental `nix` command and flakes.
+      experimental-features = [ "nix-command" "flakes" ];
+    };
   };
 
-  # Automatically optimize the Nix store in the background.
+  home-manager = {
-  nix.settings.auto-optimise-store = true;
+    useGlobalPkgs = true;
-
+    useUserPackages = true;
-  # Run GC when there is less than 100MiB left.
+  };
-  nix.extraOptions = ''
-    min-free = ${toString (100 * 1024 * 1024)}
-    max-free = ${toString (1024 * 1024 * 1024)}
-  '';
-
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  home-manager.useGlobalPkgs = true;
-  home-manager.useUserPackages = true;
 }

system/network.nix

@@ -2,50 +2,49 @@
 
 {
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true;
+  networking = {
-  
+    networkmanager.enable = true;
-  # Enable tailscale
+    firewall.allowedTCPPortRanges = [
-  services.tailscale.enable = true;
+      # KDE Connect
-
+      { from = 1714; to = 1764; }
-  # Enable avahi.
+      # Soulseek
-  services.avahi.enable = true;
+      { from = 2234; to = 2239; }
-  services.avahi.publish.enable = true;
+    ];
-  services.avahi.publish.addresses = true;
+    firewall.allowedUDPPortRanges = [
-  services.avahi.publish.workstation = true;
+      # KDE/GS Connect
-
+      { from = 1714; to = 1764; }
-  # for a WiFi printer
+      # Soulseek
-  services.avahi.openFirewall = true;
+      { from = 2234; to = 2239; }
-
+    ];
-  hardware.bluetooth.enable = true;
+  };
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
 
   programs.gnupg.agent = {
     enable = true;
     enableSSHSupport = true;
   };
 
-  # Enable the OpenSSH daemon.
+  services = {
-  services.openssh.enable = true;
+    # Enable avahi for auto network discovery.
-
+    avahi = {
-  # Open TCP ports for SSH and Syncthing.
+      enable = true;
-  networking.firewall.allowedTCPPorts = [ 22 8384 22000 ];
+      nssmdns4 = true;
-  
+      openFirewall = true;
-  # Open UDP ports for Syncthing.
+      publish = {
-  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
+        addresses = true;
-
+        enable = true;
-  networking.firewall.allowedTCPPortRanges = [
+        workstation = true;
-    # KDE Connect
+      };
-    { from = 1714; to = 1764; }
+    };
-    # Soulseek
+    # Enable remote connections with SSH.
-    { from = 2234; to = 2239; }
+    openssh = {
-  ];
+      enable = true;
-
+      openFirewall = true;
-  networking.firewall.allowedUDPPortRanges = [
+    };
-    # KDE Connect
+    # Enable printing.
-    { from = 1714; to = 1764; }
+    printing.enable = true;
-    # Soulseek
+    # Syncthing runs as a user service, but needs its ports open here.
-    { from = 2234; to = 2239; }
+    syncthing.openDefaultPorts = true;
-  ];
+    # Enable tailscale for easy Wireguard VPNs on a tailnet.
+    tailscale.enable = true;
+  };
 }

system/sound.nix

@@ -14,7 +14,5 @@
     alsa.enable = true;
     alsa.support32Bit = true;
     pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
   };
 }